All Palo Alto Networks firewalls have a built-in packet
capture (pcap) feature you can use to capture packets that traverse
the network interfaces on the firewall. You can then use the captured
data for troubleshooting purposes or to create custom application
signatures.